Our annual State of the Market Panel Discussion kicked off on February 4th, diving deep into what’s next for cyber insurance in 2025. Industry heavyweights—Rich Gatz (Arch Insurance Group), Jessica Klipphahn (WTW), Stacie Lilien (Silverfort), and Lawrence Baldino (DUAL North America)—shared their insights on underwriting challenges, evolving threats, and where the market is headed.
Missed it? Here are the key takeaways.
Cyber Insurance Underwriting Trends in 2025
Cyber underwriting is evolving fast. In 2025, it’s no longer enough to just check boxes on an application. Underwriters need to ask smarter questions and dig deeper into risk management.
"Are we just checking boxes, or are we actually asking the right questions to help us effectively underwrite this account?"
In other words, underwriters need to focus on pre-incident risk management—ensuring policyholders aren’t just insurable but truly prepared for a cyber event.
Cyber Insurance Threats Landscape in 2025
Ransomware continues to be a major threat in cyber insurance in 2025, and experts agree that it isn’t likely to subside any time soon. While payments have declined, threat actors have grown bolder, leveraging triple extortion tactics in retaliation to recent crackdowns. For example, while the sanctioning of LockBit disrupted some groups, a resurgence remains possible.
"I don’t think ransomware is over. It’s still here to stay. Even though we're seeing a reduction in ransomware payments, we are still seeing a lot of ransomware claims and so even though we're not making payments we're still spending a lot of money on business interruption.”
Beyond ransomware, Business Email Compromise (BEC) and Funds Transfer Fraud (FTF) are surging—FTF incidents nearly doubled from 2023 to 2024, with over 60% of cyber incidents originating from email breaches. Privacy class action litigation is also rising, fueled by data breaches and obscure laws like wiretapping statutes and the Video Privacy Protection Act. These long-tail claims could significantly impact carrier loss ratios this year, adding further complexity to the evolving cyber risk landscape.
Cyber Insurance Predictions for 2025
The panelists shared insights into what 2025 might look like for the cyber insurance market, touching on emerging markets, increased competition, and evolving risks.
Emerging Markets
Expect new players flooding the market, bringing more capacity and fiercer competition.
"We're going to see a lot of new entrants to the market. That means more capacity and more competition on the carrier side."
While this opens up opportunities, it also raises concerns about maintaining underwriting standards and pricing stability.
New Client Opportunities
With increased competition, insurers must prioritize long-term relationships over transactional deals.
"We need clients to stop shopping deals on an annual basis and focus on building long-term strategic relationships."
Instead of chasing the lowest premiums each year, businesses should commit to sustainable risk management partnerships—a win-win for insurers and policyholders alike.
AI-driven threats
AI-powered attacks are becoming more sophisticated, enabling cybercriminals to automate phishing scams, bypass security controls, and exploit vulnerabilities at scale. Deepfake video and voice impersonation have already facilitated high-value fraud, while AI-generated phishing emails now mimic human communication with near-perfect accuracy. Additionally, AI-driven open-source hacking tools accelerate password cracking and network intrusions.
From an insurance perspective, the rise of AI-generated fraud is prompting a reassessment of coverage terms. Some insurers are considering AI-specific exclusions, particularly for social engineering schemes, while attribution challenges could complicate claims. Going forward, insurers may require enhanced security measures, such as AI-detection software, to mitigate these risks.
As AI-driven cybercrime evolves, policyholders and insurers must adapt to ensure adequate coverage and risk mitigation strategies.
Summary: Cyber Insurance in 2025
Cyber insurance in 2025 is shifting fast. More competition, evolving threats, and rising claims severity will test the market. Meanwhile, AI is reshaping cyber risks at breakneck speed. Cyber insurance in 2025 will continue to face AI-driven threats. Cyber insurance will play an increasingly critical role in risk management. Open-source AI tools have made social engineering attacks more sophisticated, with deepfake video calls and AI-generated phishing schemes bypassing even strong security measures. This reinforces the need for cyber insurance, as some attacks will inevitably succeed despite robust defenses. While comprehensive cyber policies already cover most AI-related security incidents, some insurers are exploring AI-specific exclusions, particularly for risks like copyright infringement from AI-generated content. However, enforcing these exclusions in claims may prove difficult, as AI is generally viewed as a tool rather than a direct cause of cyber incidents.
As cyber threats evolve, cyber insurance 2025 will face new challenges and opportunities. Increased competition and market expansion will drive pricing dynamics while rising claims severity—especially from ransomware, BEC, and privacy litigation—will test insurer profitability. AI will continue to shape the threat landscape as a tool for attackers. As we move forward, cyber insurance will remain a critical safeguard in an increasingly complex digital world.
